Bug#926936: udev: systemd-udevd PID file name produces false positive with rkhunter for XORDDOS malware

Michael Biebl biebl at debian.org
Fri Apr 12 22:22:24 BST 2019


Control: reassign -1 rkhunter

On 12.04.19 at 14:53, Andrew J. Buehler wrote:
> It is possible to whitelist this filename in rkhunter's configuration settings,
> but doing so does - however mildly - increase the likelihood that if this
> malware does get a foothold on the system, rkhunter will not detect it. Thus, a
> way to remove this false positive from the udev side would be preferable.

Fwiw, this only affects sysvinit systems and I'm not convinced the udev
package should work around rkhunter limitations.
Clearly this is a false-positive of rkhunter and should be fixed there.
I'll reassign this to rkhunter.


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
